chrome/app/generated_resources.grd

Index: chrome/app/generated_resources.grd
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 2298421f82397a447e13adbd847e4f59c3682f46..94879f71bd928406903cb6767c5a025aa7049a57 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -9700,16 +9700,16 @@ I don't think this site should be blocked!
       </message>
 
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_NO_CT" desc="The text of the identity section when the page is secure and no Certificate Transparency information is present.">
-        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph> but does not have public audit records.
+        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>. The certificate does not have signed certificate timestamps.

[Ryan Sleevi, 2015/04/30 21:15:56]

Do we have any complaints/concerns/questions from users about these strings? I
only know of one complaint, and that was from a CA.

If you're wanting to escalate from "Care about users" to "Care about developers"
(something I'm still mixed on, as that has been antithetical to much of Chrome's
design philosophy - c.f. the lack of options, the lack of about:config, the
intentional lack of extensions that par with Firefox), then I think it might be
better to simply say

"The identity of this website has been verified by blah, but has not been
cross-checked with Certificate Transparency."

I find the above string gross and disgusting, but less so than what's proposed.
So I mean, I'm grumpy all around, to be clear. I don't want to use a word like
"verified" or "validated" with Certificate Transparency, because that's not what
it does. Saying "publicly disclosed via Certificate Transparency" is more
accurate, but seems equally vague.

It's still unclear what problem you're trying to solve by changing these
strings, so as a reviewer, it's hard to evaluate whether these proposed changes
actually solve that problem. I have no doubt that you're trying to solve one,
but that's still unclear to me :)

[davidben, 2015/04/30 21:26:31]

+1 that "signed certificate timestamps" is an unhelpfully opaque message. The
complaint Ryan cites isn't even resolved by this change (and I don't think it's
worth doing anything about that because it was a really silly technicality).

[lgarron, 2015/04/30 22:48:42]

First-order issue: I've seen people take the "but" in the sentence to mean that
this affects the lock icon. Even just splitting this into two sentences sounds
better to me.

If you'd like a complaint, here's a complaint: I still personally don't really
know if "public audit records" refers to the CT logs or the SCTs (and I know
more about CT than most web devs who will eventually have to deal with this). As
far as I have seen, Chrome is only place to use this phrase in a browser-side
context. I would just like this string to talk about what is actually going on
instead of using a euphemism.

[davidben, 2015/04/30 23:19:29]

*shrug* Two sentences SGTM.
I'm not sure what the certificate having a CT log would even mean. The
certificate presents a proof that it has been publicly audited in a log. That
proof is in the form of an SCT. Signed certificate timestamps is an overly
technical term I think.

We don't say "The identity of this website has been verified by verifying a
signature by its public key (as verified by VeriSign) on key exchange material
in the TLS handshake", even though that signature check is actually the critical
step in proving the site's validity. :-P

It's pretty natural that Chrome would be the only place that uses the phrase in
a browser considering that no other browser has CT.

       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED" desc="The text of the identity section when the page is secure and a Signed Certificate Timestamp from a known Certificate Transparency log is present and valid.">
-        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph> and is publicly auditable.
+        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>. The certificate has valid signed certificate timestamps.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_UNVERIFIED" desc="The text of the identity section when the page is secure and contains a Signed Certificate Timestamp from an unknown Certificate Transparency log.">
-        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>, it claims to have public audit records, but the records cannot be verified.
+        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>. The certificate has signed certificate timestamps (SCTs), but the SCTs cannot be verified.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_INVALID" desc="The text of the identity section when the page is secure, but it contains a Signed Certificate Timestamp from a known Certificate Transparency log that failed to verify.">
-        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>, but its public audit records failed verification.
+        The identity of this website has been verified by <ph name="ISSUER">$1<ex>VeriSign</ex></ph>. The certificate has signed certificate timestamps (SCTs), but the SCTs failed verification.
       </message>
 
       <message name="IDS_PAGEINFO_ADDRESS" desc="Locality as reported in the EV identity text.">
@@ -9721,16 +9721,16 @@ I don't think this site should be blocked!
       </message>
 
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_NO_CT" desc="The text of the identity section when the page is secured with an EV cert and no Certificate Transparency information is present.">
-        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph> but does not have public audit records.
+        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>. The certificate does not have signed certificate timestamps.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_VERIFIED" desc="The text of the identity section when the page is secured with an EV cert and a Signed Certificate Timestamp from a known Certificate Transparency log is present and valid.">
-        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph> and is publicly auditable.
+        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>. The certificate has valid signed certificate timestamps.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_UNVERIFIED" desc="The text of the identity section when the page is secured with an EV cert and contains a Signed Certificate Timestamp from an unknown Certificate Transparency log.">
-        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>, it claims to have public audit records, but the records cannot be verified.
+        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>. The certificate has signed certificate timestamps (SCTs), but the SCTs cannot be verified.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV_CT_INVALID" desc="The text of the identity section when the page is secured with an EV cert, but it contains a Signed Certificate Timestamp from a known Certificate Transparency log that failed to verify.">
-        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>, but its public audit records failed verification.
+        The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>. The certificate has signed certificate timestamps (SCTs), but the SCTs failed verification.
       </message>
 
       <message name="IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY" desc="The default name used when we did not find a principal name.">
@@ -9751,19 +9751,19 @@ I don't think this site should be blocked!
       </message>
 
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_CONNECTION_TEXT" desc="The text of the connection section when the connection is encrypted.">
-        Your connection to <ph name="DOMAIN">$1<ex>www.google.com</ex></ph> is encrypted with modern cryptography.
+        Your connection to <ph name="DOMAIN">$1<ex>www.google.com</ex></ph> is encrypted with a modern protocol and cipher suite.

[davidben, 2015/04/30 21:26:31]

This message doesn't currently have anything to do with the protocol in us. If
you're going for accuracy, "modern cipher suite" is better. That logic is only
conditioned on the cipher suite and not the TLS version. The TLS version only
figures in at all just because 1.2 is when the AEADs come in. TLS 1.2 + CBC mode
is no less broken than TLS 1.1 + CBC. (1.1 vs 1.0 CBC does have a difference,
but the CBC modes are all around terrible and we haven't distinguished those
thus far and do record-splitting anyway.)

[lgarron, 2015/04/30 22:48:42]

Our logic actually checks the TLS version explicitly (even if it's redundant/an
optimization/a sanity check):
https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ui/...

I'd prefer being clear that TLS 1.2 is also part of this, but either sounds fine
to me.

[davidben, 2015/04/30 23:19:29]

Interesting. Talking about versions is, I think, undesirable as it complicates
the story once TLS 1.3 exists (for the same reason I objected to the FAQ
wording, though that one was more misleading). We don't really have any reason
yet to demote TLS 1.2 once TLS 1.3 (or 2.0 if they end up calling it that)
exists and is implemented. Certainly it'd be nice to get rid of it someday like
anything else, and there's a few things that can be improved upon from 1.2 like
SKX signatures. But we don't have any imminent security need yet. The CBC modes
are different because they are known to be really terrible.

(Oh, another wrench to throw into the mix if you're going for nitpicky technical
accuracy this time is that these words are also used for QUIC which doesn't
really call them cipher suites. You don't even negotiate suites in QUIC; you
negotiate each piece individually.)

       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_WEAK_ENCRYPTION_CONNECTION_TEXT" desc="The text of the connection section when the connection uses weak encryption.">
-        Your connection to <ph name="DOMAIN">$1<ex>www.google.com</ex></ph> is encrypted with obsolete cryptography.
+        Your connection to <ph name="DOMAIN">$1<ex>www.google.com</ex></ph> is encrypted with a deprecated protocol or cipher suite.

[davidben, 2015/04/30 21:26:30]

"deprecated" elsewhere in Chrome has usually referred to things we have imminent
plans to remove. We do not have imminent plans to remove CBC mode ciphers as
their use is too high.

[lgarron, 2015/04/30 22:48:42]

And "obsolete" usually means it's gone. :-P
Got a better word (that isn't going to lead to more discussion)? "old"?
"outdated"?

[davidben, 2015/04/30 23:19:29]

Hrm. That's true, we did use that word for SSL 3. But I think it's more
important that we not confuse deprecation wording as those are the cases where
we expect non-zero usage (hence yellow icon for now) and we actively want to
drive the numbers down. Something we've outright removed, we've already
considered the breakage numbers to be acceptable.
I dunno, weak? They are weak. That's why we don't like them. outdated seems
reasonable too.

       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_NOT_ENCRYPTED_CONNECTION_TEXT" desc="The text of the connection section when the connection is not encrypted.">
         Your connection to <ph name="DOMAIN">$1<ex>www.google.com</ex></ph> is not encrypted.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING" desc="Some extra text of the connection section when the connection is encrypted and the page contains insecure content which has been displayed (e.g. images, CSS).">
-        However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
+        Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR" desc="Some extra text of the connection section when the connection is encrypted and the page contains insecure content which has been run (e.g. script).">
-        However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.
+        Further, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_SENTENCE_LINK" desc="Linking 2 sentences in 1 paragraph.">
         <ph name="SENTENCE1">$1<ex>Your connection is encrypted.</ex></ph> <ph name="SENTENCE2">$2<ex>However, this page includes resources from other pages whose identity cannot be verified.</ex></ph>
@@ -9772,7 +9772,7 @@ I don't think this site should be blocked!
         The connection uses <ph name="SSL_VERSION">$1<ex>TLS 1.0</ex></ph>.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS" desc="This message gives details of the cryptographic primitives used to protect the HTTPS connection.">
-        The connection is encrypted using <ph name="CIPHER">$1<ex>AES_128</ex></ph>, with <ph name="MAC">$2<ex>SHA1</ex></ph> for message authentication and <ph name="KX">$3<ex>RSA</ex></ph> as the key exchange mechanism.
+        The connection is encrypted using <ph name="CIPHER">$1<ex>AES_128</ex></ph>, with <ph name="MAC">$2<ex>HMAC-SHA1</ex></ph> for message authentication and <ph name="KX">$3<ex>RSA</ex></ph> as the key exchange mechanism.
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD" desc="This message gives details of the cryptographic primitives used to protect the HTTPS connection. It should be translated in a similar manner as IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS">
         The connection is encrypted and authenticated using <ph name="CIPHER">$1<ex>AES_128_GCM</ex></ph> and uses <ph name="KX">$2<ex>RSA</ex></ph> as the key exchange mechanism.